geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Making changes to remove the need for the auth.policy to contain

Browse Source 
the mechanism information element. This change breaks the build since it
is not complete.
This commit is contained in:
Juan Carlos Luciani 2006-11-03 13:35:36 +00:00
parent 47a2358a9e
commit 01b99ffc0d
4 changed files with 72 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CASA-auth-token/non-java/client/authpolicy.c
View File

@ -344,6 +344,7 @@ AuthPolicyCharDataHandler(
break; break;
case AWAITING_MECHANISM_DATA: case AWAITING_MECHANISM_DATA:
case AWAITING_MECHANISM_ELEMENT_END:
// Get access to the AuthContext at the tail of the list // Get access to the AuthContext at the tail of the list
pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink,
@ -368,6 +369,7 @@ AuthPolicyCharDataHandler(
break; break;
case AWAITING_MECHANISM_INFO_DATA: case AWAITING_MECHANISM_INFO_DATA:
case AWAITING_MECHANISM_INFO_ELEMENT_END:
// Get access to the AuthContext at the tail of the list // Get access to the AuthContext at the tail of the list
pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink,
@ -392,6 +394,7 @@ AuthPolicyCharDataHandler(
break; break;
case AWAITING_UNKNOWN_DATA: case AWAITING_UNKNOWN_DATA:
case AWAITING_UNKNOWN_ELEMENT_END:
// Just advance the state // Just advance the state
pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END; pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END;
@ -593,7 +596,7 @@ CreateAuthPolicy(
* The authentication policy document can contain multiple auth_source * The authentication policy document can contain multiple auth_source
* elements. These auth_source elements can be for different authentication * elements. These auth_source elements can be for different authentication
* sources or for the same authentication source but specifying a different * sources or for the same authentication source but specifying a different
* authentication mechanism. * authentication mechanism. The mechanism_info element is optional.
* *
* The following is a sample authentication policy document: * The following is a sample authentication policy document:
* *

35
CASA-auth-token/non-java/client/mechanisms/krb5/linux/get.c
View File

@ -120,6 +120,8 @@ AuthTokenIf_GetAuthToken(
IN const void *pIfInstance, IN const void *pIfInstance,
IN const char *pContext, IN const char *pContext,
IN const char *pMechInfo, IN const char *pMechInfo,
IN const char *pHostName,
IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen) INOUT int *pTokenBufLen)
// //
@ -144,6 +146,15 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be // may be the service principal name to which the user will be
// authenticating. // authenticating.
// //
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in
// the context of System under Windows.
//
// pTokenBuf - // pTokenBuf -
// Pointer to buffer that will receive the authentication // Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the // token. The length of this buffer is specified by the
@ -180,7 +191,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters // Validate input parameters
if (pIfInstance == NULL if (pIfInstance == NULL
|| pContext == NULL || pContext == NULL
|| pMechInfo == NULL || pHostName == NULL
|| pTokenBufLen == NULL || pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0)) || (pTokenBuf == NULL && *pTokenBufLen != 0))
{ {
@ -192,6 +203,23 @@ AuthTokenIf_GetAuthToken(
goto exit; goto exit;
} }
// Check if we need to construct the service name
if (pKrbServiceName == NULL
|| strlen(pKrbServiceName) == 0)
{
// The service name will default to host/hostname
pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/)
if (pKrbServiceName)
{
sprintf("host/%s", pHostName);
}
else
{
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
goto exit;
}
}
// Import the service principal name into something that // Import the service principal name into something that
// GSS-API can understand based on its form. // GSS-API can understand based on its form.
gssBuffer.value = (void*) pKrbServiceName; gssBuffer.value = (void*) pKrbServiceName;
@ -313,6 +341,11 @@ AuthTokenIf_GetAuthToken(
exit: exit:
// Free buffer holding the Krb Service Name if necessary
if (pKrbServiceName
&& pKrbServiceName != pMechInfo)
free(pKrbServiceName);
DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;

29
CASA-auth-token/non-java/client/mechanisms/krb5/windows/get.c
View File

@ -40,6 +40,7 @@ AuthTokenIf_GetAuthToken(
IN const void *pIfInstance, IN const void *pIfInstance,
IN const char *pContext, IN const char *pContext,
IN const char *pMechInfo, IN const char *pMechInfo,
IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen) INOUT int *pTokenBufLen)
@ -61,6 +62,10 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be // may be the service principal name to which the user will be
// authenticating. // authenticating.
// //
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope - // pCredStoreScope -
// Pointer to CASA structure for scoping credential store access // Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in // to specific users. This can only be leveraged when running in
@ -102,7 +107,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters // Validate input parameters
if (pIfInstance == NULL if (pIfInstance == NULL
|| pContext == NULL || pContext == NULL
|| pMechInfo == NULL || pHostName
|| pTokenBufLen == NULL || pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0)) || (pTokenBuf == NULL && *pTokenBufLen != 0))
{ {
@ -114,6 +119,23 @@ AuthTokenIf_GetAuthToken(
goto exit; goto exit;
} }
// Check if we need to construct the service name
if (pKrbServiceName == NULL
|| strlen(pKrbServiceName) == 0)
{
// The service name will default to host/hostname
pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/)
if (pKrbServiceName)
{
sprintf("host/%s", pHostName);
}
else
{
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
goto exit;
}
}
// Acquire a credential handle for the current user // Acquire a credential handle for the current user
secStatus = AcquireCredentialsHandle(NULL, // no principal name secStatus = AcquireCredentialsHandle(NULL, // no principal name
"Kerberos", // package name "Kerberos", // package name
@ -234,6 +256,11 @@ AuthTokenIf_GetAuthToken(
exit: exit:
// Free buffer holding the Krb Service Name if necessary
if (pKrbServiceName
&& pKrbServiceName != pMechInfo)
free(pKrbServiceName);
DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;

6
CASA-auth-token/non-java/client/mechanisms/pwd/get.c
View File

@ -211,6 +211,10 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be // may be the service principal name to which the user will be
// authenticating. // authenticating.
// //
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope - // pCredStoreScope -
// Pointer to CASA structure for scoping credential store access // Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in // to specific users. This can only be leveraged when running in
@ -250,7 +254,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters // Validate input parameters
if (pIfInstance == NULL if (pIfInstance == NULL
|| pContext == NULL || pContext == NULL
|| pMechInfo == NULL || pHostName == NULL
|| pTokenBufLen == NULL || pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0)) || (pTokenBuf == NULL && *pTokenBufLen != 0))
{ {